help-guix

Re: Connection refused to Guix-hosted SSH


From: Efraim Flashner
Subject: Re: Connection refused to Guix-hosted SSH
Date: Wed, 19 Oct 2022 21:54:08 +0300

From a previous email it looks like you only have an rsa key


debug1: Connection established.
debug1: identity file /home/pcp/.ssh/id_rsa type 0
debug1: identity file /home/pcp/.ssh/id_rsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa_sk type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa_sk-cert type -1
debug1: identity file /home/pcp/.ssh/id_ed25519 type -1
debug1: identity file /home/pcp/.ssh/id_ed25519-cert type -1
debug1: identity file /home/pcp/.ssh/id_ed25519_sk type -1
debug1: identity file /home/pcp/.ssh/id_ed25519_sk-cert type -1
debug1: identity file /home/pcp/.ssh/id_xmss type -1
debug1: identity file /home/pcp/.ssh/id_xmss-cert type -1
debug1: identity file /home/pcp/.ssh/id_dsa type -1
debug1: identity file /home/pcp/.ssh/id_dsa-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9


On Fri, Oct 14, 2022 at 10:01:57PM +0200, dabbede@gmail.com wrote:
> On Fri, Oct 14, 2022 at 7:06 PM Felix Lechner
> <felix.lechner@lease-up.com> wrote:
> >
> > Hi,
> >
> > On Fri, Oct 14, 2022 at 1:54 AM dabbede@gmail.com <dabbede@gmail.com> wrote:
> > >
> > > Finally, I also tried to manually start sshd on port 2222
> >
> > I think that is a fabulous idea, especially if you can prevent
> > daemonization with -d (or -D).
> >
> > > this is the output /etc/ssh/sshd_config: No such file or directory
> >
> > The sshd_config is in /gnu/store. It is generated by 'guix system
> > reconfigure'. You can see all available versions with
> >
> >     ls -ld /gnu/store/*sshd-config
> >
> > In a bind, I would pick one that should work and pass it via -f.
> 
> I just have 3 versions in /gnu/store/, all of them very similar to one
> another. I just picked up the first one and tried running sshd -d -p
> 2222 -f /gnu/store/....path_to_sshd_config
> The server starts up waiting for connections. Then, on another tty
> (and another user), I try to connect to port 2222 in localhost: client
> side receives "Connection reset by 127.0.0.1 port 2222", while the
> server side reports this:
> 
> debug1: sshd version OpenSSH_8.9, OpenSSL 1.1.1q  5 Jul 2022
> debug1: private host key #0: ssh-rsa SHA256:stg5akPHR8JGdXPXmqUYJhhZFj1UmEmWx19el4EiHGM
> debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:zfyEMyjDdSOHX3e9byADPp5sm7Pu6zdq2jnQSWbDo+4
> debug1: private host key #2: ssh-ed25519 SHA256:tBpk8+XR3GalUmNqIxT6ITf5Tyy8WKVSxBULZjAmQqI
> debug1: rexec_argv[0]='/gnu/store/jgw64z5w2q6b4nph7a74jc97ihfxkfsf-openssh-8.9p1/sbin/sshd'
> debug1: rexec_argv[1]='-d'
> debug1: rexec_argv[2]='-f'
> debug1: rexec_argv[3]='/gnu/store/h5hri15x24vljfahpwv1b4dva69nbis3-sshd_config'
> debug1: rexec_argv[4]='-p'
> debug1: rexec_argv[5]='2222'
> debug1: Set /proc/self/oom_score_adj from 0 to -1000
> debug1: Bind to port 2222 on 0.0.0.0.
> Server listening on 0.0.0.0 port 2222.
> debug1: Bind to port 2222 on ::.
> Server listening on :: port 2222.
> debug1: Server will not fork when running in debugging mode.
> debug1: rexec start in 5 out 5 newsock 5 pipe -1 sock 8
> debug1: sshd version OpenSSH_8.9, OpenSSL 1.1.1q  5 Jul 2022
> debug1: private host key #0: ssh-rsa SHA256:stg5akPHR8JGdXPXmqUYJhhZFj1UmEmWx19el4EiHGM
> debug1: private host key #1: ecdsa-sha2-nistp256 SHA256:zfyEMyjDdSOHX3e9byADPp5sm7Pu6zdq2jnQSWbDo+4
> debug1: private host key #2: ssh-ed25519 SHA256:tBpk8+XR3GalUmNqIxT6ITf5Tyy8WKVSxBULZjAmQqI
> debug1: inetd sockets after dupping: 3, 3
> Connection from 127.0.0.1 port 33818 on 127.0.0.1 port 2222 rdomain ""
> debug1: Local version string SSH-2.0-OpenSSH_8.9
> debug1: Remote protocol version 2.0, remote software version OpenSSH_8.9
> debug1: compat_banner: match: OpenSSH_8.9 pat OpenSSH* compat 0x04000000
> debug1: permanently_set_uid: 989/983 [preauth]
> debug1: list_hostkey_types: rsa-sha2-512,rsa-sha2-256,ecdsa-sha2-nistp256,ssh-ed25519 [preauth]

^^^ There are rsa keys listed here, so the server should have rsa keys
in /etc/ssh.

> debug1: SSH2_MSG_KEXINIT sent [preauth]
> debug1: monitor_read_log: child log fd closed
> debug1: do_cleanup
> debug1: Killing privsep child 366
> 
> I'm puzzled, as I don't understand exactly what went wrong...
> 
> > To find the version that is actually used by your current system
> > generation and corresponds to your latest config.scm would require
> > some sleuthing. You may have to examine the symbolic links in the
> > system profile and, possibly, in /gnu/store. You may be able to get
> > better advice about that in #guix on IRC.
> >
> > Either way, please do not make any manual changes to /gnu/store,
> > however tempting it may appear.
> >
> > Kind regards
> > Felix Lechner
> 
> Thanks again, regards

There was recently a change in openssh to deprecate support for rsa-sha1
keys. Try generating new ssh keys using a newish version of openssh and
using that as your keys for pcp or test, and see if that works for
connecting using a key.

-- 
Efraim Flashner   <efraim@flashner.co.il>   אפרים פלשנר
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
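
The `identity file ... type N` lines quoted at the top of this message can be read mechanically: the client logs `type -1` for every path where it found no key. The script below is an added example, not part of the original email. Its function names are hypothetical, it assumes the default identity file names, and the ed25519 suggestion is one possible choice (the message only says to generate new keys).

```shell
#!/bin/sh
# Added example. The sample log is constructed, modeled on the client
# debug lines quoted in the message above.
sample_log() {
    cat <<'EOF'
debug1: Connection established.
debug1: identity file /home/pcp/.ssh/id_rsa type 0
debug1: identity file /home/pcp/.ssh/id_rsa-cert type -1
debug1: identity file /home/pcp/.ssh/id_ecdsa type -1
debug1: identity file /home/pcp/.ssh/id_ed25519 type -1
debug1: identity file /home/pcp/.ssh/id_ed25519-cert type -1
debug1: Local version string SSH-2.0-OpenSSH_8.9
EOF
}

# Read `ssh -v` output on stdin and print each identity path for which a
# key was actually loaded (every line not ending in "type -1").
loaded_identities() {
    sed -n -e '/ type -1$/d' \
        -e 's/^debug1: identity file \(.*\) type [0-9][0-9]*$/\1/p'
}

# Succeed when at least one identity was loaded and all of them use the
# default RSA file names (id_rsa, id_rsa-cert). Assumption: keys passed
# with -i under other names are not classified by this check.
only_rsa_loaded() {
    ids=$(loaded_identities)
    [ -n "$ids" ] || return 1
    ! printf '%s\n' "$ids" | grep -qv '/id_rsa\(-cert\)\{0,1\}$'
}

# Summarize a log: list the loaded identities and point out the
# RSA-only case discussed in the message.
report() {
    log=$(cat)
    printf '%s\n' "$log" | loaded_identities | sed 's/^/loaded: /'
    if printf '%s\n' "$log" | only_rsa_loaded; then
        echo "only an RSA identity is available to the client"
        echo "try a freshly generated key, for example:"
        echo "  ssh-keygen -t ed25519 -f ~/.ssh/id_ed25519"
    fi
}

sample_log | report
```

To check a real session, pipe the client's debug output into it, for example by replacing the last line with `ssh -v user@host true 2>&1 | report`.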
